SSUSA Job #917: Senior Information Security Risk Analyst
Senior Information Security Risk Analyst
One of our Fintech clients is seeking a Senior Information Security Risk Analyst with 9+ years of solid information security and risk experience who is able to engage senior management and regulators.
In order to comply with various organizational policies, client contractual obligations, and regulatory mandates related to Information/Privacy, our client's Information Security and Compliance department is in the process of implementing a new Information Security Program and Risk Management framework based on various well-known information security standards and frameworks such as ISO/NIST, which includes requirements for regularly assessing information risk and facilitating remediation of identified vulnerabilities within the organization’s network, systems, and applications.
The Information Security and Compliance department requires a dedicated resource to perform regular Risk and Vulnerability Assessments utilizing various IT Security Tools and Methodologies and to report on findings and recommendations for corrective action.
As a Senior Information Security Risk Analyst, this resource will be responsible for assessing information risks, identifying opportunities for reducing risk, and facilitating remediation of identified vulnerabilities within the organization’s network, systems, and applications. Perform regular Risk and Vulnerability Assessments utilizing various IT Security Tools and Methodologies and report on findings and recommendations for corrective action. Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios. Facilitate and monitor the performance of risk remediation tasks and changes related to risk mitigation, and report on findings. Maintain oversight of IT and vendors regarding the security maintenance of their systems and applications. Provide regular status reports, including metrics and outstanding issues. Assist in all internal and external audits and regulatory examinations.
- Provides oversight and governance of the organization’s Information Security/Cyber Security Program and communicates progress and issues to Sr. Management;
- Initiates and develops innovative concepts to solve complex challenges with little or no precedent; creates new opportunities to enable the use of new solutions. Serves as a consultant to disseminate specialist information security knowledge and provide conceptual guidance to other senior and high-level technical experts.
- Develop and implement an effective Threat and Vulnerability Management program;
- Research and investigate new and emerging vulnerabilities, including zero-day events, and participate in external security communities;
- Develop an externally focused view of the evolving threats facing the organization;
- Promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the organization.
- Integrate and manage feeds from application security tools, vulnerability scans, and penetration testing tools into the company's Governance, Risk and Compliance platform.
- Assist in all internal and external audits, and regulatory examinations.
- Assist in the development and implementation of policies, procedures, and standards that meet existing and newly developed policies and regulatory mandates, including privacy regulations such as GDPR, CCPA, etc.
- Serve as project manager/lead within IT security projects.
- Examine systems and procedures to identify potential adverse events, including but not limited to hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct.
- Identify risks which might occur;
- Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks;
- Continuously evaluate communication security, data vulnerability, business continuity and compliance risks;
- Identify vulnerabilities or weaknesses in systems;
- Examine employee compliance with security controls and deficiencies;
- Evaluate security policy, processes and procedures for completeness;
- Ensure that controls are adequate to protect sensitive information systems;
- Report to management on IT system vulnerability and protection against malware and hackers;
- Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk;
- Provide mitigation/ damage reduction proposals with cost justification.
- Assist in identifying breaches in the organization’s security or tracking the source of an unauthorized intrusion.
- Identify defensive steps to take, including necessary firewalls, security software and data encryption;
- Recommend that all infrastructure and application patching and remediation be done;
- Recommend improvements in network security, identity management and logging.
- Monitor and advise on information security issues related to the systems to ensure the security controls are appropriate and operating as intended.
- Conduct organization-wide data classification assessments and security audits, and manage remediation plans.
- Create, manage and maintain user security awareness.
- Develop and maintain security operating procedures and associated documentation.
- Identify inefficiencies and make suggestions for process improvements.
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
- Perform semi-annual user access and entitlement reviews.
- Perform quarterly reviews and recertifications of Privileged Accounts.
- Manage enterprise asset management initiative
- Should have proven experience in: project- and program-related communication and tasks, managing multiple projects and tasks at once, and being productive while balancing a task list that can vary from highly interactive to very little interaction.
- Ability to work efficiently, making sound decisions while meeting time sensitive deadlines
- Superior organizational and time management skills
- Self-motivated and able to prioritize tasks based on business requirements
- Strong analytical and problem solving skills.
- Strong leadership and teambuilding skills.
- Self-motivated and detail-oriented.
- Creative thinking and troubleshooting.
- Excellent communication (oral and written), interpersonal, organizational, and presentation and listening skills.
- Strong deductive reasoning, critical thinking, problem solving, and prioritization skills
- Ability to work in a fast-paced, support team environment
- Ability to follow detailed process and procedure documentation
- Ability to present complex solutions and methods to general community
- Strong team player who collaborates well with others to solve problems
- 10+ years of progressive experience in Information Security with a proven ability to engage with Senior Management and Regulators
- 7+ years working in IT Risk Management
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
- Preferred: Knowledge of well-known standards and frameworks (e.g. ISO 27002, NIST Cybersecurity Framework, COBIT, COSO) and rules and regulations related to information/cybersecurity (e.g. SOX, DFS, FRB, FFIEC, etc.)
- Preferred: 7+ years’ experience in conducting IT Compliance Assessments (e.g. SOX, DFS, FFIEC, ISO)
- Preferred: 7+ years’ experience in administering IT Security Controls in an organization
- Preferred: 7+ years’ experience in performing security reviews and risk assessments
- Solid understanding of networking concepts
- Solid understanding of operating system security concepts
- Understanding of malware, emerging threats, attacks, and vulnerability management
- Experience assisting the development and maintenance of tools, procedures, and documentation
- Prior experience working within a financial service organization preferred.
- Required: Bachelor’s Degree from a four-year college or university in Engineering, Business Administration, Computer Science, Management Information Systems, Information Security.
- Required: CISSP, CISA, CRISC
- Optional: CSSLP, CISM, CEH
SEND YOUR RESUME TO JOBS@SSUSA.COM
MENTION JOB 917 IN THE SUBJECT BOX
New York City